Taint and tolerations
How Kubernetes taints and tolerations work together to control pod scheduling on specific nodes.
Taint and tolerations
Taints are set on Nodes
Tolerations are set on Pods
Taints
Taints are applied to nodes to repel pods that do not have a matching toleration. The following command taints a node so that only pods tolerating app=blue with effect NoSchedule will be scheduled on it.
1
2
kubectl taint nodes arch app=blue:NoSchedule
node/arch tainted
Other taint effect options:
- NoSchedule
- PreferNoSchedule
- NoExecute
Create a corresponding pod with tolerations
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx-controller
name: nginx-controller
spec:
containers:
- image: nginx
name: nginx-controller
tolerations:
- effect: NoSchedule
key: app
operator: Equal
value: blue
Here is another practical example. First, taint the node, then create a pod with the matching toleration so it can be scheduled on the tainted node.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
kubectl taint node node01 spray=mortein:NoSchedule
node/node01 tainted
cat bee.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: bee
name: bee
spec:
containers:
- image: nginx
name: bee
tolerations:
- effect: "NoSchedule"
key: "spray"
value: "mortein"
operator: "Equal"
Untaint controlplane in Katacoda
To allow regular workloads to be scheduled on the controlplane node, remove the taint by appending a - to the taint key.
1
kubectl taint node controlplane node-role.kubernetes.io/master:NoSchedule-node/controlplane untainted
This post is licensed under CC BY 4.0 by the author.